Authorization Privilege Model for Cloudera Search

Sentry privileges for Cloudera Search are constructed as follows:

<objectType>=<specificObject>->action=<action>

For example, the following privilege grants write access (UPDATE) to the tweets collection:

collection=tweets->action=UPDATE

Using Sentry with Cloudera Search, you can control access the following privilege object types:

  • admin
  • collection
  • config
  • schema

The admin object type controls access to administrative actions through the following privilege objects:

  • collections - Controls access to the Collections API
  • cores - Controls access to the CoreAdmin API
  • security - Controls access to Solr security configurations (the security.json file in ZooKeeper)
  • metrics - Controls access to the Metrics API
  • autoscaling - Controls access to the Autoscaling API

Privilege objects can be granted the following privileges:

  • QUERY: Read access
  • UPDATE: Write access (including delete)
  • *: Read and write access

If no privileges are granted, no access is possible. For example, accessing the Solr Admin UI requires the QUERY privilege. If no users are granted the QUERY privilege, no access to the Solr Admin UI is possible.

Non-administrative requests may only require privileges on the specific collection or config on which the request is being performed.

Administrative requests may require privileges for both the specific admin object and the collection. This is denoted as admin=<adminObject>, collection=<collectionName> in the tables below.

Privilege Table for Collections API Administrative Actions
Required Privileges Collections API Action
admin=collections->action=UPDATE
collection=<aliasName>->action=UPDATE
CREATEALIAS
DELETEALIAS
admin=collections->action=UPDATE
collection=<collectionName>->action=UPDATE
CREATE
DELETE
MODIFYCOLLECTION
RELOAD
CREATESHARD
DELETESHARD
SPLITSHARD
SYNCSHARD
CREATESNAPSHOT
DELETESNAPSHOT
RESTORE
ADDREPLICA
DELETEREPLICA
MOVEREPLICA
ADDREPLICAPROP
DELETEREPLICAPROP
MIGRATESTATEFORMAT
FORCELEADER
REBALANCELEADERS
BALANCESHARDUNIQUE
MIGRATE (Destination Collection)
admin=collections->action=UPDATE
ADDROLE
REMOVEROLE
CLUSTERPROP
DELETESTATUS
DELETENODE
REPLACENODE
admin=collections->action=QUERY
collection=<collectionName>->action=QUERY
LISTSNAPSHOTS
BACKUP
MIGRATE (Source Collection)
admin=collections->action=QUERY
LIST
LISTALIASES
REQUESTSTATUS
OVERSEERSTATUS
CLUSTERSTATUS
Privilege Table for CoreAdmin API Administrative Actions
Required Privileges CoreAdmin API Action
admin=cores->action=UPDATE
collection=<coreName>->action=UPDATE
CREATE
RENAME
UNLOAD
RELOAD
SWAP
MERGEINDEXES
SPLIT
PREPRECOVERY
REQUESTRECOVERY
REQUESTSYNCSHARD
REQUESTAPPLYUPDATES
REQUESTBUFFERUPDATES
REQUESTAPPLYUPDATES
REQUESTSYNCSHARD
REJOINLEADERELECTION
PREPRECOVERY
FORCEPREPAREFORLEADERSHIP
CREATESNAPSHOT
DELETESNAPSHOT
RESTORECORE
admin=cores->action=QUERY
collection=<coreName>->action=QUERY
LISTSNAPSHOTS
STATUS
BACKUPCORE
Privilege table for Config API actions
Required Privileges Config API Action
config=<configName>->action=*
CREATE
DELETE

Solr Authorization Privilege Model Changes in CDH 6

The Solr authorization privilege model for Sentry in CDH 6 replaces the special admin collection with a new admin privilege object type. The admin object type supports the following privilege objects, allowing you to control access to different types of administrative operations separately:

  • collections - Controls access to the Collections API
  • cores - Controls access to the CoreAdmin API
  • security - Controls access to Solr security configurations (the security.json file in ZooKeeper)
  • metrics - Controls access to the Metrics API
  • autoscaling - Controls access to the Autoscaling API

The admin collection in CDH 5 is the equivalent of the admin=collections and admin=cores privilege objects in CDH 6. The following table shows equivalent Sentry permissions in CDH 5 and CDH 6:

Cloudera Search Sentry Privilege Changes
CDH 5 Privilege Rule CDH 6 Privilege Rule
collection=admin->action=*
admin=collections->action=*
admin=cores->action=*
collection=admin->action=update
admin=collections->action=update
admin=cores->action=update
config=myConfig->action=*
collection=admin->action=update
config=myConfig->action=*
collection=*->action=*
admin=collections->action=*
admin=cores->action=*
collection=*->action=*

Sentry in CDH 6 supports collection, admin, config, and schema privilege object types for Solr. For more information about the authorization privilege model for Cloudera Search, see Authorization Privilege Model for Cloudera Search.